How to add MessageID in SOAP request using Axis2 and Rampart

Asked by: Salman  Asked: 8/25/2015  Last edited by: Community, Salman  Updated: 7/20/2021  Views: 1775

Q:

I am trying to build a client application that consumes an external server application, using Axis2 and Rampart 1.6.

When checking the SOAP request, everything seems fine, as the SOAP is encrypted and signed as expected. Below is the policy.xml file used for this purpose:

<wsp:Policy wsu:Id="MyPolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsam="http://schemas.xmlsoap.org/ws/2004/08/addressing" 
    xmlns:wst="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">
<wsp:ExactlyOne>
    <wsp:All>
        <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
                <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
            </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:SymmetricBinding>
            <wsp:Policy>
                <sp:ProtectionToken>
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                            <wsp:Policy>
                                <sp:RequireIssuerSerialReference/>
                                <sp:WssX509V3Token10/>
                            </wsp:Policy>
                        </sp:X509Token>
                    </wsp:Policy>
                </sp:ProtectionToken>

                <sp:AlgorithmSuite>
                    <wsp:Policy>
                        <sp:Basic128/>
                    </wsp:Policy>
                </sp:AlgorithmSuite>
                <sp:IncludeTimestamp/>
                <sp:Layout>
                    <wsp:Policy>
                        <sp:Strict/>
                    </wsp:Policy>
                </sp:Layout>
                <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
        </sp:SymmetricBinding>
        <sp:EncryptedParts>
            <sp:Body />
        </sp:EncryptedParts>
        <sp:SignedParts>
            <sp:Body/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="ReplyTo"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="To"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="From"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="AckRequested"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="CreateSequence"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="Sequence"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="MessageID"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="FaultTo"/>
            <sp:Header Namespace="http://docs.oasis-open.org/ws-rx/wsrm/200702" Name="SequenceAcknowledgement"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="Action"/>
            <sp:Header Namespace="http://www.w3.org/2005/08/addressing" Name="RelatesTo"/>
        </sp:SignedParts>
        <sp:Wss11>
            <wsp:Policy>
                <sp:MustSupportRefEncryptedKey/>
                <sp:MustSupportRefIssuerSerial/>
                <sp:MustSupportRefThumbprint/>
            </wsp:Policy>
        </sp:Wss11>
        <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
            <ramp:userCertAlias>mySignAlias</ramp:userCertAlias>
            <ramp:encryptionUser>myEncryptAlias</ramp:encryptionUser>
            <ramp:user>myUser</ramp:user>
            <ramp:passwordCallbackClass>myPackage.PasswordCallBackHandler</ramp:passwordCallbackClass>
            <ramp:encryptionCypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientTrustStore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
            </ramp:encryptionCypto>

            <ramp:signatureCrypto>
                <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.file">[path goes here]/clientKeyStore.jks</ramp:property>
                    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">changeit</ramp:property>
                </ramp:crypto>
            </ramp:signatureCrypto>
        </ramp:RampartConfig>

    </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

But I am getting the following Axis fault when calling the external server application:

SEVERE: org.apache.axis2.AxisFault: com.sun.xml.wss.XWSSecurityException: Policy verification error:Missing target MessageID for Signature
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:375)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:421)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)

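The error is self-descriptive: the SOAP request is missing the MessageID tag in the SOAP header. I tried to find out how to add the mentioned tag, but with no luck; I found how to add a custom SOAP header in this link: Add Authentication Header to client stub Axis2

But I want to avoid this, since I am adding the authentication properties in PasswordCallBackHandler.

Is there any way to add MessageID automatically in the SOAP header? Also, there are similar tags like Action, ReplyTo, To, From; how can they be added to the SOAP header?

--Update:

From the Java files auto-generated using the Axis2 tool (see Apache Axis2 User's Guide - Creating Clients for how to generate the stub files), I went to the API method in the auto-generated ServiceStub Java class. There, a message context is created to send the SOAP request, as follows: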

// create a message context
_messageContext = new org.apache.axis2.context.MessageContext();

I used the _messageContext object to set the message ID, as follows:

_messageContext.setMessageID("TEST_123456");

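Furthermore, I ran the application in debug mode, and I can see that TEST_123456 has been added to the SOAP request as MessageID, and the server uses the same MessageID in its response. But I am still getting this weird error: Policy verification error:Missing target MessageID for Signature

What confuses me is how the server says MessageID is missing, even though it appears in both the SOAP request and the response coming from the server itself!

Does this have anything to do with the automatic signing process? But even so, MessageID is already added to SignedParts in the policy file; what else can be done to overcome this issue?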

Tags: XML, Web services, SOAP, Apache Axis, Rampart
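
A diagnostic for the situation described in the question, as an added example that is not part of the original post: given a captured outbound envelope, it reports for each header named in the policy's SignedParts whether it is present in the policy's namespace and whether a ds:Reference in the signature points at its wsu:Id. It assumes a SOAP 1.1 envelope with an unencrypted ds:Signature; the function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSA = "http://www.w3.org/2005/08/addressing"  # namespace named in the policy's SignedParts
WSA_2004 = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DS = "http://www.w3.org/2000/09/xmldsig#"

def split_tag(tag):  # '{ns}local' -> (ns, local); un-namespaced tags get ns ''
    return tuple(tag[1:].split("}", 1)) if tag.startswith("{") else ("", tag)

def signed_header_report(envelope_xml, required):
    """Map each required (ns, name) header to signed/unsigned/wrong-namespace:<ns>/missing."""
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP11}}}Header")
    children = list(header) if header is not None else []
    # Ids the signature covers: every ds:Reference whose URI is "#<wsu:Id>".
    covered = {r.get("URI")[1:] for r in root.iter(f"{{{DS}}}Reference")
               if r.get("URI", "").startswith("#")}
    report = {}
    for ns, name in required:
        same_name = [c for c in children if split_tag(c.tag)[1] == name]
        exact = [c for c in same_name if split_tag(c.tag)[0] == ns]
        if exact:
            ids = {c.get(f"{{{WSU}}}Id") for c in exact}
            report[name] = "signed" if ids & covered else "unsigned"
        elif same_name:
            report[name] = "wrong-namespace:" + split_tag(same_name[0].tag)[0]
        else:
            report[name] = "missing"
    return report

# Constructed sample (not from the question): MessageID present but unreferenced.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP11}" xmlns:wsa="{WSA}"
    xmlns:wsu="{WSU}" xmlns:ds="{DS}" xmlns:old="{WSA_2004}">
  <s:Header>
    <wsa:To wsu:Id="id-2">http://example.invalid/service</wsa:To>
    <wsa:MessageID wsu:Id="id-3">TEST_123456</wsa:MessageID>
    <old:Action>urn:example:op</old:Action>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#id-2"/><ds:Reference URI="#id-body"/>
    </ds:SignedInfo></ds:Signature>
  </s:Header>
  <s:Body wsu:Id="id-body"/>
</s:Envelope>"""

REQUIRED = [(WSA, n) for n in ("MessageID", "To", "Action", "ReplyTo")]
print(signed_header_report(SAMPLE, REQUIRED))
```

A header reported as `unsigned` or `wrong-namespace` is visible in a debugger yet still fails a policy check that requires it as a signature target.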

A:

0 votes  Prabhu  7/20/2021  #1

You can add all the properties like Message, Action, To and others in Stub::ServiceClient::Options.

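import java.util.UUID;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
// serviceStub is the generated stub; action and referenceURL are supplied by the caller
ServiceClient client = serviceStub._getServiceClient();
Options options = client.getOptions();
options.setAction(action);
options.setTo(new EndpointReference(referenceURL));
options.setMessageId(UUID.randomUUID().toString());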

Sample reference